[ad_1]
Last month we covered macOS Keychain exploit that seemingly could expose user credentials and passwords. At the time, the researcher Linus Henze did not disclose the workings of the exploit to Apple as a protest because Apple does not offer a bug bounty reward scheme for macOS. Despite no change on that front of Apple, Henze has decided to protect users.
Try Amazon Prime 30-Day Free Trial
The iOS bug bounty program launched in 2017. The lack of bug bounties for macOS exploits is seen as a slight against Mac users, as if Apple does not value their security as much as iOS customers. Many believe that Apple will eventually set up a macOS bug bounty program, it's just dragging its feet.
Henze is obviously upset that his work will seemingly go unpaid, unless Apple changes its mind soon. Around the time that we were originally covered by the bug, Henze says that he gets the message. He said he would be able to pay a tribute to his findings. Apple did not respond. On February 8th, Henze Feels Apple Security an email asking for an official statement as to why Apple is not offering a bug bounty program for Mac users.
On Tuesday @Apple I would send them the details about my exploit. I told them that I would accept my offer. However, I've got no response from them. Today I wrote them again. Attached is an image of what I wrote. pic.twitter.com/GcNv8VQISH
– Linus Henze (@LinusHenze) February 8, 2019
This email was also apparently ignored. It's disappointing that Apple would not be less accustomed to macOS bug bounty program is in the works. With his stunts falling on the seemingly deaf ears, he has now submitted An explanation of his exploit to Apple as he believes a critical patch is necessary to protect Mac users.
[ad_2]
Source link